
Setting up SSH SOCKS Tunnels

Using an SSH SOCKS proxy tunnel lets you route local traffic through an intermediary server: programs hand their connections to a SOCKS listener on the local machine, and the SSH server forwards them on to the destination IP. The leg between your machine and the SSH server is encrypted by SSH; the leg from the SSH server to the final destination is protected only by whatever the application protocol itself provides.

SOCKS directs network traffic from a port on the local system to a port on the remote system: the SSH client listens locally, and the SSH server opens the outbound connection on the client's behalf.

Creating a Tunnel with SSH

The following command starts a SOCKS listener on the local machine that uses the SSH server at <proxy-ip> as its exit. Any application pointed at that listener has its traffic carried over the SSH connection, so anything reachable from the proxy's network becomes reachable from the local machine.

ssh -v -N -C -D <port> <user>@<proxy-ip>

Required flags:
  • -D <port>: Tells the local SSH client to listen for SOCKS connections on <port> (make sure to use a port number greater than 1024).

Optional flags:
  • -v: Verbose mode.
  • -N: Tells SSH not to execute a remote command, only forward ports.
  • -C: Compresses data. Improves performance on slow networks, but may reduce performance on fast networks.
  • -f: Runs the command in the background so a terminal window isn't required to remain open for the tunnel to exist.

<user>@<proxy-ip> identifies the SSH server that will act as the proxy and through which your traffic will be routed. Optionally, -p <port-ssh> can be used if SSH is not running on the default port 22.

Configuring an Application to Use the Proxy

Network applications being tunneled through the SOCKS proxy must be configured to send their connections to the SOCKS listener on <port> instead of connecting directly to the destination. The application's own protocol and destination ports are unchanged; they are simply carried inside the tunnel.

Whether using Firefox, Google Chrome, FileZilla, or any other program, there is typically a way to configure the proxy settings. In the proxy settings page, enter the loopback address (e.g. 127.0.0.1) as the SOCKS 5 host and the <port> specified when the SSH proxy was initialized.
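As an added illustration (not part of the original page), the following Python script speaks the client side of the SOCKS5 CONNECT handshake that a proxy-aware application such as Firefox or FileZilla performs when it is pointed at 127.0.0.1:<port>. It also contains a constructed stand-in for the listener that ssh -D opens, so the exchange runs offline; the host name dev2.example and the sample payload are made up. It shows why selecting SOCKS v5 matters: a host name can be sent as-is (address type 0x03), so name resolution happens at the SSH server rather than on the local machine, provided the application is willing to send the name instead of resolving it first (Firefox exposes this as "Proxy DNS when using SOCKS v5").

```python
# SOCKS5 CONNECT handshake (RFC 1928): the client side an application performs against
# the listener opened by `ssh -D`, plus a constructed loopback stand-in for that listener.
import socket
import struct
import threading

SOCKS_VERSION = 0x05
NO_AUTH = 0x00       # OpenSSH's -D listener only offers "no authentication"
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6 = 0x04


def _recv_exact(sock, n):
    """Read exactly n bytes or raise; handshake fields are fixed-length."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    return buf


def socks5_connect(proxy_host, proxy_port, dest_host, dest_port, timeout=5):
    """Connect to dest_host:dest_port through a SOCKS5 proxy and return the socket.
    A host name is sent as ATYP 0x03 so the proxy end (the SSH server) resolves it;
    only IPv4 literals are sent as ATYP 0x01."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        # Greeting: version, number of auth methods offered, the methods themselves.
        sock.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))
        ver, method = _recv_exact(sock, 2)
        if ver != SOCKS_VERSION or method != NO_AUTH:
            raise ConnectionError(f"proxy refused no-auth method (got {method:#04x})")
        try:
            addr = socket.inet_aton(dest_host)
            req = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_IPV4]) + addr
        except OSError:  # not an IPv4 literal: let the far end resolve the name
            name = dest_host.encode("idna")
            req = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name
        sock.sendall(req + struct.pack("!H", dest_port))
        # Reply: version, reply code, reserved, then bound address type/address/port.
        ver, rep, _rsv, atyp = _recv_exact(sock, 4)
        if atyp == ATYP_IPV4:
            _recv_exact(sock, 4 + 2)
        elif atyp == ATYP_DOMAIN:
            _recv_exact(sock, _recv_exact(sock, 1)[0] + 2)
        elif atyp == ATYP_IPV6:
            _recv_exact(sock, 16 + 2)
        else:
            raise ConnectionError(f"unknown address type {atyp:#04x} in reply")
        if ver != SOCKS_VERSION or rep != 0x00:
            raise ConnectionError(f"CONNECT refused, reply code {rep:#04x}")
        return sock
    except Exception:
        sock.close()
        raise


def _toy_socks5_listener(listener, seen):
    """Constructed stand-in for the `ssh -D` listener: speaks the server side of the
    handshake, records what the client asked for, then echoes instead of relaying."""
    conn, _ = listener.accept()
    with conn:
        nmethods = _recv_exact(conn, 2)[1]
        if NO_AUTH not in _recv_exact(conn, nmethods):
            conn.sendall(bytes([SOCKS_VERSION, 0xFF]))  # no acceptable method
            return
        conn.sendall(bytes([SOCKS_VERSION, NO_AUTH]))
        _ver, cmd, _rsv, atyp = _recv_exact(conn, 4)
        if atyp == ATYP_IPV4:
            host = socket.inet_ntoa(_recv_exact(conn, 4))
        else:
            host = _recv_exact(conn, _recv_exact(conn, 1)[0]).decode("idna")
        port = struct.unpack("!H", _recv_exact(conn, 2))[0]
        seen.append((cmd, atyp, host, port))
        conn.sendall(bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4]) + b"\0" * 6)
        conn.sendall(conn.recv(1024))  # echo one message back through the "tunnel"


def demo(dest_host="dev2.example", dest_port=22):
    """Run one client/listener exchange on loopback; return what the listener saw
    and the bytes that came back."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port standing in for <port>
    listener.listen(1)
    seen = []
    worker = threading.Thread(target=_toy_socks5_listener, args=(listener, seen))
    worker.start()
    payload = b"hello through the tunnel"  # constructed sample data
    with socks5_connect("127.0.0.1", listener.getsockname()[1], dest_host, dest_port) as s:
        s.sendall(payload)
        echoed = _recv_exact(s, len(payload))
    worker.join()
    listener.close()
    return seen[0], echoed


if __name__ == "__main__":
    print(demo())  # ((1, 3, 'dev2.example', 22), b'hello through the tunnel')
```

Against a real tunnel, replace the toy listener with the port you passed to ssh -D; the client function is unchanged. The recorded tuple shows the point of the exercise: for a host name the request carries address type 3 and the raw name, so the local machine never issues a DNS query for it.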

Firefox

  1. Go to ☰ > Settings > General
  2. Scroll to the bottom, under Network Settings select Settings...
    • Enter SOCKS Host: localhost
    • Enter Port: <port>
    • Select SOCKS v5
  3. Select OK

FileZilla

In FileZilla, follow these steps:

  1. Go to Edit > Settings...
  2. Go to Connection > Generic Proxy
  3. Select SOCKS 5
  4. Set Proxy host: 127.0.0.1; Proxy port: <port>; and set the proxy user and password to the user and password you would otherwise use to connect through SSH

Example

A server or headless embedded device (dev2) is accessible only through a remote shell session from another server or headless device (dev1). To access dev2 one can SSH through dev1.

orig@comp $ ssh user1@<dev1_ip>
user1@dev1 $ ssh user2@<dev2_ip>
user2@dev2 $

Say you need to transfer files from dev2 to your computer (comp). In a pinch you could use scp twice: copy the files from dev2 to dev1, then from dev1 to comp. Alternatively, you could set up dev1 as a proxy so that the files on dev2 can be transferred directly to comp. To do this, on comp issue

orig@comp $ ssh -f -N -D 9001 user1@<dev1_ip>

Now dev1 acts as a proxy for reaching dev2. Follow the steps above to configure FileZilla to use the proxy on port 9001. You can then connect to dev2 at <dev2_ip> by configuring a typical FileZilla site.

You can also use SFTP from comp to access dev2 directly by issuing the following (the -x option is the OpenBSD/macOS netcat syntax for connecting through a SOCKS proxy; other netcat variants use different flags)

sftp -o ProxyCommand='/usr/bin/nc -x 127.0.0.1:9001 %h %p' user2@<dev2_ip>

Connected to <dev2_ip>
sftp>

Now use standard SFTP commands such as cd, pwd, get, and put to traverse the file system and transfer files.

SSH Reverse Proxy

ssh -D 6969 -nNT <user>@<proxy-ip>

This is the same dynamic (-D) forward as above, started so it can run unattended: -n redirects stdin from /dev/null and -T disables pseudo-terminal allocation, in addition to -N suppressing the remote command.
